Set up eHealth to support SNMPv3 discovery, reporting and polling

Document created by CHANDRA KUMAR BS on Oct 25, 2013. Last modified by Melanie_Giuliani on Dec 17, 2016.
Version 4

Hi Friends,

I have set up eHealth 6.3.1 to support SNMPv3 device discovery. I followed the steps below and implemented it successfully. I would like to share the steps with you all.

1. Prerequisites for Installing SNMPV3 Security Pack (DSSP)

1.1 The Java™ Runtime Environment, version 1.5.1 or higher, is required to run MIBGuide.

1.2 Microsoft SNMP Service must be installed and then disabled.

To determine if the Microsoft SNMP Service is installed, and then disable the service, perform the following steps as a user with administrative privileges:

1. Open the Services menu. Select the Windows Start menu, Control Panel, Administrative Tools, and then select Services.

2. Find SNMP Service in the list of services.

• If SNMP Service is present, double click the entry to view more information about the service. Then, stop the service, and select “Manual” for the startup type to disable the service.

• If SNMP Service is not present in the services list, install and then disable it.

(a) Select the Windows Start menu, Control Panel, Add or Remove Programs, and then select Add/Remove Windows Components.

(b) Select Management and Monitoring Tools from the list of components.

(c) Select Next to install the components.

(d) From the Services menu, disable the SNMP Service.

Update Microsoft Windows Firewall Settings

To make adjustments to the Microsoft Windows Firewall settings, select Start->Control Panel->Windows Firewall.

In the list on the left-hand side of the window, there is a choice called “Allow a program or feature through Windows Firewall.” When the user clicks on that choice, the “Allows Programs” window is displayed.

Make sure that “SNMP” and “SNMP Service” are selected.

2.3 The Microsoft SNMP Trap Service

If the Microsoft SNMP Trap Service is running, the DSSP Server will be in conflict with it over the use of the standard SNMP Trap port, 162. In this case, the DSSP Server may not receive Traps. To ensure that the DSSP Server will receive Traps on the standard SNMP Trap port, disable the Microsoft SNMP Trap Service. Otherwise, set the DSSP Server to listen for Traps on a port other than the default Trap port. Systems that use Network Node Manager must use port 4748.

The procedure may be performed either before or after software installation, but before starting the DSSP Server.

To determine if the Microsoft SNMP Trap Service is installed and then disable the service, perform the following steps as a user with administrative privileges:

1. Open the Services menu. Select the Windows Start menu, Control Panel, Administrative Tools, and select Services.

2. Find SNMP Trap Service in the list of services:

• If SNMP Trap Service is present, double click the entry to view more information about the service. To disable the service, stop it and select “Manual” for the startup type.

• If SNMP Trap Service is not present in the services list, install it and then disable it.

(a) Select the Windows Start menu, Control Panel, Add or Remove Programs, and then select Add/Remove Windows Components.

(b) Select Management and Monitoring Tools from the list of components.

(c) Select Next to install the components.

(d) From the Services menu, disable the SNMP Service.

To change the settings for the SNMP Trap port, perform the following steps as a user with administrator privileges:

1. Open the services file.

On most systems, the file is located in C:\WINDOWS\system32\drivers\etc.

2. Locate the snmp-trap entry:

snmp-trap 162/udp snmp

3. If the snmp-trap entry is set to 162, change the entry to 4748/udp. Specifically, Network Node Manager relies upon the Microsoft SNMP Trap Service to listen for traps from DSSP on port 4748. A different entry can be specified on systems that do not use NNM. In general, changing the entry prevents the DSSP Server from conflicting with the Microsoft SNMP Trap Service.

4. Save the services file.
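The service and services-file checks in sections 1.2 and 2.3 can be verified with a read-only script. This PowerShell is an added example, not part of the original document or the vendor's tooling; it assumes PowerShell 3.0 or later, the Windows service names SNMP and SNMPTRAP, and the default services-file path, and Get-SnmpTrapEntry is a hypothetical helper name.

```powershell
# Added example: read-only pre-flight check for sections 1.2 and 2.3.
# Assumptions: Windows service names SNMP and SNMPTRAP, the default
# services-file path; Get-SnmpTrapEntry is a hypothetical helper name.

function Get-SnmpTrapEntry {
    param([string[]]$Lines, [string]$Name = 'snmp-trap')
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()          # strip comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        # Layout: <name> <port>/<protocol> [aliases...]
        if ($fields.Count -ge 2 -and $fields[1] -match '^(\d+)/(\w+)$') {
            $port = [int]$Matches[1]; $proto = $Matches[2]
            $names = @($fields[0]) + @($fields | Select-Object -Skip 2)
            if ($names -contains $Name) {
                [pscustomobject]@{ Name = $fields[0]; Port = $port; Protocol = $proto }
            }
        }
    }
}

# 1. Service state: SNMP Service must be stopped with startup type "Manual".
$trapRunning = $false
foreach ($svcName in 'SNMP', 'SNMPTRAP') {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$svcName'"
    if (-not $svc) { Write-Warning "$svcName is not installed"; continue }
    '{0,-9} state={1,-8} startup={2}' -f $svc.Name, $svc.State, $svc.StartMode
    if ($svcName -eq 'SNMP' -and ($svc.State -ne 'Stopped' -or $svc.StartMode -ne 'Manual')) {
        Write-Warning 'SNMP Service should be stopped and set to Manual'
    }
    if ($svcName -eq 'SNMPTRAP' -and $svc.State -eq 'Running') { $trapRunning = $true }
}

# 2. services file: report the trap entry and flag the port 162 conflict.
$servicesFile = Join-Path $env:SystemRoot 'system32\drivers\etc\services'
$entries = @(Get-SnmpTrapEntry -Lines (Get-Content -LiteralPath $servicesFile))
if ($entries.Count -eq 0) { Write-Warning "No snmp-trap entry in $servicesFile" }
foreach ($e in $entries) {
    '{0} -> {1}/{2}' -f $e.Name, $e.Port, $e.Protocol
    if ($trapRunning -and $e.Port -eq 162) {
        Write-Warning 'SNMP Trap Service is running and the entry is still 162: DSSP Server may not receive traps'
    }
}
```

The script changes nothing; it only reports the state the steps above are meant to produce.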

Update Microsoft Windows Firewall Settings

To make adjustments to the Microsoft Windows Firewall settings, select Start->Control Panel->Windows Firewall.

In the list on the left-hand side of the window, there is a choice called “Allow a program or feature through Windows Firewall.” When the user clicks on that choice, the “Allows Programs” window is displayed.

Make sure that “SNMP” and “SNMP Service” are selected and “SNMP Trap” is not selected.

3 Installation of SNMPV3 Security Pack

1. Log in as a user with administrator privileges.

2. Copy the SNMPv3 dump to the server on which you want to install it.

3. Go to the windows directory in the dump and run setup.exe.

4. Follow the instructions presented by the InstallAnywhere program.

By default, the software is installed in C:\Program Files\Snmpri.

4 Configuring ehealth to support SNMPV3 elements

After installing the Distributed SNMP Security Pack software, follow the steps below to configure eHealth to support SNMPv3 elements.

4.1 The default arguments used when the brassd proxy server is started are not sufficient for CA eHealth to poll large numbers of elements using SNMPv3 (> 6,000), so you must change the default values to the following modified values:

A. Go to the Snmpri\DSSP\brass\bin path in a command prompt.

B. Run the command below:

brassd -install -secpack -wbufnum 4096 -sndsocksize 32768 -rcvsocksize 174760

C. After running the above command, you will get the output below:

"SNMP BRASS Server/Subagent/SecPack/DistSrv service already installed (installed arguments updated)"

D. Restart the "brassd" service to enable the changes.

4.2 Set the SNMP v3 - Proxy Address to specify the IP address and port number of the BRASS server installed as part of the SNMP Security Pack software (Default: 127.0.0.1:4747). To do this, follow the steps below.

A. Select Start > Settings > Control Panel. The Control Panel dialog box appears.

B. Double-click System. The System Properties dialog box appears.

C. Click the Advanced tab.

D. Click Environment Variables. The Environment Variables dialog box appears.

E. Under System variables, click New. The New System Variable dialog box appears.

F. In the New System Variable dialog box, enter the following:

• Variable Name – NH_SNMP_PROXY_ADDRESS

• Variable Value – 127.0.0.1:4747

NOTE: Specify 127.0.0.1:4747 for the Variable Value unless you specified another port for the BRASS server during installation.

G. Click OK to close the New System Variable dialog box.

H. Click OK to close the Environment Variables dialog box.

I. Click OK to close the System Properties dialog box.

J. In the Control Panel dialog box, double-click Administrative Tools. The Administrative Tools dialog box appears.

K. Double-click Services. The Services dialog box appears.

L. In the list of services, select eHealth.

M. Right-click the eHealth service, then select Restart. The new variable is applied when eHealth restarts.

N. Close the Services dialog box.
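Steps A to N can also be done from an elevated PowerShell prompt. This is an added example, not part of the original document; it assumes the service is registered under the display name "eHealth" as it appears in the Services list, and Test-ProxyAddress is a hypothetical helper name.

```powershell
# Added example: command-line equivalent of steps A-N (run elevated).
# Assumptions: the service display name is "eHealth" as shown in the
# Services list; Test-ProxyAddress is a hypothetical helper name.

function Test-ProxyAddress {
    param([string]$Value)
    # Expect <IPv4 address>:<port>, for example 127.0.0.1:4747
    if ($Value -match '^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$') {
        $ipText = $Matches[1]; $port = [int]$Matches[2]
        $ip = $null
        $ipOk = [System.Net.IPAddress]::TryParse($ipText, [ref]$ip)
        return ($ipOk -and $port -ge 1 -and $port -le 65535)
    }
    return $false
}

$name  = 'NH_SNMP_PROXY_ADDRESS'
$value = '127.0.0.1:4747'   # change only if BRASS was installed on another port

# Reject a mistyped value before it is written to the system environment.
if (-not (Test-ProxyAddress $value)) { throw "Not a valid IP:port value: $value" }

# Only write the variable and restart eHealth when the value actually differs.
$current = [Environment]::GetEnvironmentVariable($name, 'Machine')
if ($current -ne $value) {
    [Environment]::SetEnvironmentVariable($name, $value, 'Machine')  # system variable
    Restart-Service -DisplayName 'eHealth'   # the variable is applied on restart
}

# Show the value now stored at machine scope.
'{0} = {1}' -f $name, [Environment]::GetEnvironmentVariable($name, 'Machine')
```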

4.3 Create an SNMP key information DCI file.

The SNMP key information DCI file contains SNMPv3 agent and key management information that allows CA eHealth to discover and poll elements by using the SNMPv3 protocol.

To create a DCI file to import SNMPv3 key configuration information, you use the CA eHealth standard header file for SNMP key information. You add other sections to this file, as needed, for the type of information and objects that you want to import.

4.4 Import SNMPv3 key configuration information for each of the devices that you want to discover using SNMPv3 protocols.

Run the command below to import the SNMPv3 key configuration information into the eHealth database.

nhImportSnmpKeyInfo -dciIn <filename.dci>

Note: filename.dci is the DCI file that you created in the previous step.

4.5 Perform a discovery. The first time that you discover an element using the SNMPv3 protocol, the discover process may time out due to the extra security validation involved with SNMPv3. If the process times out, and you receive a NoResponse error message, modify the Discover Policy to increase the setting of the Timeout parameter.

Note: If you want to make changes to the DCI file, first export the current configuration by using the nhExportSnmpKeyInfo -dciOut <filename> command and then make the changes. Once the changes are done, import the SNMP key info.

  Regards,

Chandra Kumar BS
